我们有一个运行 Microchip 固件的机器控制器,通过 LAN (eth0) 100% 与 LINUX 计算机配合使用 14 年。现在需要使用 Windows 7 运行。不幸的是,Windows 定期发出一大堆无端请求。最终这些请求导致微控制器崩溃。我尝试过禁用 LLMNR、IGMP、SSDP、路由、IPV6、ARP 和 NBT-NS。有帮助但没有解决。如果我可以停止 svchost 请求,那会有所帮助,因为 ARP 请求似乎不是问题。
编辑:svchost 已禁用:o))“在 Windows 中禁用主动 Internet 探测 (NCSI)”
{Frame Time Date Time Offset Process Name Source Destination Protocal Description
1 10:59:48 14/08/2017 12.3275999 NetmonFilter NetmonFilter:Updated Capture Filter: None
2 10:59:48 14/08/2017 12.3275999 NetworkInfoEx NetworkInfoEx:Network info for , Network Adapter Count = 1
3 10:59:48 14/08/2017 12.3275999 192.168.1.20 192.168.1.6 ARP ARP:Request, 192.168.1.20 asks for 192.168.1.6
4 10:59:48 14/08/2017 12.3282422 192.168.1.6 192.168.1.20 ARP ARP:Response, 192.168.1.6 at 00-04-A3-00-A9-F9
5 10:59:49 14/08/2017 12.4985887 0.0.0.0 192.168.1.20 ARP ARP:Request, 0.0.0.0 asks for 192.168.1.20
6 10:59:49 14/08/2017 12.4986781 192.168.1.20 224.0.0.22 IGMP IGMP:IGMPv3 Membership Report {IPv4:1}
7 10:59:49 14/08/2017 12.4992127 192.168.1.6 0.0.0.0 ARP ARP:Response, 192.168.1.6 at 00-04-A3-00-A9-F9
8 10:59:49 14/08/2017 12.9986822 192.168.1.20 224.0.0.22 IGMP IGMP:IGMPv3 Membership Report {IPv4:1}
9 10:59:50 14/08/2017 13.4986212 0.0.0.0 192.168.1.20 ARP ARP:Request, 0.0.0.0 asks for 192.168.1.20
10 10:59:50 14/08/2017 13.4992550 192.168.1.6 0.0.0.0 ARP ARP:Response, 192.168.1.6 at 00-04-A3-00-A9-F9
11 10:59:51 14/08/2017 14.4986969 0.0.0.0 192.168.1.20 ARP ARP:Request, 0.0.0.0 asks for 192.168.1.20
12 10:59:51 14/08/2017 14.4994162 92.168.1.6 0.0.0.0 ARP ARP:Response, 192.168.1.6 at 00-04-A3-00-A9-F9
13 10:59:52 14/08/2017 15.5147308 192.168.1.20 192.168.1.6 ARP ARP:Request, 192.168.1.20 asks for 192.168.1.6
14 10:59:52 14/08/2017 15.5153513 192.168.1.6 192.168.1.20 ARP ARP:Response, 192.168.1.6 at 00-04-A3-00-A9-F9
15 10:59:52 14/08/2017 15.5396148 192.168.1.20 192.168.1.6 ARP ARP:Request, 192.168.1.20 asks for 192.168.1.6
16 10:59:52 14/08/2017 15.5402584 192.168.1.6 192.168.1.20 ARP ARP:Response, 192.168.1.6 at 00-04-A3-00-A9-F9
17 10:59:52 14/08/2017 15.5528560 192.168.1.20 192.168.1.6 ARP ARP:Request, 192.168.1.20 asks for 192.168.1.6
18 10:59:52 14/08/2017 15.5535065 192.168.1.6 192.168.1.20 ARP ARP:Response, 192.168.1.6 at 00-04-A3-00-A9-F9
19 10:59:56 14/08/2017 19.5214914 svchost.exe 192.168.1.20 88.221.254.123 TCP TCP:Flags=......S., SrcPort=54230, DstPort=HTTP(80), PayloadLen=0, Seq=4050891366, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 {TCP:3, IPv4:2}
20 10:59:56 14/08/2017 19.5223390 svchost.exe 88.221.254.123 192.168.1.20 TCP TCP:Flags=...A..S., SrcPort=HTTP(80), DstPort=54230, PayloadLen=0, Seq=0, Ack=4050891367, Win=4096 ( Scale factor not supported ) = 4096 {TCP:3, IPv4:2}
21 10:59:56 14/08/2017 19.5223857 svchost.exe 192.168.1.20 88.221.254.123 TCP TCP:Flags=...A...., SrcPort=54230, DstPort=HTTP(80), PayloadLen=0, Seq=4050891367, Ack=1, Win=17520 (scale factor 0x0) = 17520 {TCP:3, IPv4:2}
22 10:59:56 14/08/2017 19.5226940 svchost.exe 192.168.1.20 88.221.254.123 HTTP HTTP:Request, GET /ncsi.txt {HTTP:4, TCP:3, IPv4:2}
23 10:59:56 14/08/2017 19.8278302 svchost.exe 192.168.1.20 88.221.254.123 TCP TCP:[ReTransmit #22]Flags=...AP..., SrcPort=54230, DstPort=HTTP(80), PayloadLen=97, Seq=4050891367 - 4050891464, Ack=1, Win=17520 (scale factor 0x0) = 17520 {TCP:3, IPv4:2}
24 10:59:56 14/08/2017 20.4281386 svchost.exe 192.168.1.20 88.221.254.123 TCP TCP:[ReTransmit #22]Flags=...AP..., SrcPort=54230, DstPort=HTTP(80), PayloadLen=97, Seq=4050891367 - 4050891464, Ack=1, Win=17520 (scale factor 0x0) = 17520 {TCP:3, IPv4:2}
25 10:59:58 14/08/2017 21.6281447 svchost.exe 192.168.1.20 88.221.254.123 TCP TCP:[ReTransmit #22]Flags=...AP..., SrcPort=54230, DstPort=HTTP(80), PayloadLen=97, Seq=4050891367 - 4050891464, Ack=1, Win=17520 (scale factor 0x0) = 17520 {TCP:3, IPv4:2}
26 10:59:59 14/08/2017 22.8281828 svchost.exe 192.168.1.20 88.221.254.123 TCP TCP:[ReTransmit #22]Flags=...AP..., SrcPort=54230, DstPort=HTTP(80), PayloadLen=97, Seq=4050891367 - 4050891464, Ack=1, Win=17520 (scale factor 0x0) = 17520 {TCP:3, IPv4:2}
27 11:00:00 14/08/2017 24.0282154 svchost.exe 192.168.1.20 88.221.254.123 TCP TCP:[ReTransmit #22]Flags=...AP..., SrcPort=54230, DstPort=HTTP(80), PayloadLen=97, Seq=4050891367 - 4050891464, Ack=1, Win=17520 (scale factor 0x0) = 17520 {TCP:3, IPv4:2}
28 11:00:01 14/08/2017 24.9982180 192.168.1.20 192.168.1.6 ARP ARP:Request, 192.168.1.20 asks for 192.168.1.6
29 11:00:01 14/08/2017 24.9988881 192.168.1.6 192.168.1.20 ARP ARP:Response, 192.168.1.6 at 00-04-A3-00-A9-F9
30 11:00:02 14/08/2017 26.4282788 svchost.exe 192.168.1.20 88.221.254.123 TCP TCP:[ReTransmit #22]Flags=...AP..., SrcPort=54230, DstPort=HTTP(80), PayloadLen=97, Seq=4050891367 - 4050891464, Ack=1, Win=17520 (scale factor 0x0) = 17520 {TCP:3, IPv4:2}
31 11:00:07 14/08/2017 31.2258517 svchost.exe 192.168.1.20 88.221.254.123 TCP TCP:[ReTransmit #22]Flags=...AP..., SrcPort=54230, DstPort=HTTP(80), PayloadLen=97, Seq=4050891367 - 4050891464, Ack=1, Win=17520 (scale factor 0x0) = 17520 {TCP:3, IPv4:2}
32 11:00:17 14/08/2017 40.8293165 svchost.exe 192.168.1.20 88.221.254.123 TCP TCP:Flags=...A.R.., SrcPort=54230, DstPort=HTTP(80), PayloadLen=0, Seq=4050891464, Ack=1, Win=0 (scale factor 0x0) = 0 {TCP:3, IPv4:2}
答案1
一般来说,网络设备应该能够应对无端流量,但除了尝试关闭客户端上的流量之外,还有各种方法。客户端方法很耗时,而且一旦发生任何变化,就很容易需要进一步干预。网络方法针对问题的根源(机器控制器),并且是永久性的:
将设备放在自己的网络(网段)上。这将彻底消除所有广播流量。您还可以通过过滤路由器/防火墙非常轻松地限制对设备的访问。新的网段/子网可以是专用路由器端口、连接到路由器端口的交换机或 VLAN。
将设备放在能够使用 ACL 的交换机上,并在端口级别过滤所有不需要的流量。最有可能的是,您只想允许几个源 IP 或 MAC 地址,并丢弃所有其他地址。
一些交换机支持“保护端口”功能,您可以限制机器控制器的端口仅与所需的端口进行通信。